Rizwan,Thanks again for help - Page 2

Ken Mackay · ‎03-09-2015

Software versions for the ASA5512 is 9.1(2)

Software version for the the ASA5505 is 8.2(5)

Seeking a configuration outline for a hub and spoke environment. The hub is the ASA5512 and the spokes are ASA5505's. There will be several spokes so hoping the config would be similar on each spoke. The HUB will be static and all spokes will be DHCP. All help is welcomed!

Thanks

Ken

rizwanr74 · ‎03-14-2015

Both ASA2 and ASA3 are being terminated to static tunnel instance "crypto map VPN", whereas ASA1 is using dynamic tunnel one to many.

Hope that answers your question.

Thanks.

Ken Mackay · ‎03-14-2015

Rizwan,

Thanks it does. Again many thanks.

Ken

Ken Mackay · ‎03-24-2015

Rizwan,

Thanks again for help last time. I haven't posted on here in awhile, I hope your around? Lately we have been modifying the orginal configuration. The most signifcant changs were to remove the 7.0.0.0/24 subnet from OSPF on ASA1, remove the 7.1.0.0/24 subnet from OSPF on ASA2, and finally remove 7.2.0.0/24 subnet from OSPF on ASA3. It seems to work ok with the ASA2 and ASA3 OSPF routes removed and I believe that's because we would not know the IP address of the dynamic ends. However when I removed the 7.0.0.0/24 subnet from ASA1 because I want it to be static only, the tunnels regards less if required or not remain up. Now the Tunnel from ASA1 to ASA2 seems fine it remains up and traffic eventually stops, however ASA1 to ASA3 the tunnel remains up and continues to pass traffic and fails to take the default route through the 4.0.0.0/24 subnet and I can't understand why? Perhaps you would know? I don't care if the tunnels remain up however no traffic should pass until the default route 4.0.0.0/24 fails. As mentioned when I put the 7.0.0.0/24 back into ASA1 on OSPF everything returns to normal and all works as it should. I should also mention that ASA1 has a route of last resort 0.0.0.0 0.0.0.0 7.0.0.1 125. I'll attach current configs perhaps you can see something I can't? Thanks again.

Ken

Ken Mackay · ‎03-23-2015

Rizwan,

Thanks again for help last time. I haven't posted on here in awhile, I hope your around? Lately we have been modifying the orginal configuration. The most signifcant changs were to remove the 7.0.0.0/24 subnet from OSPF on ASA1, remove the 7.1.0.0/24 subnet from OSPF on ASA2, and finally remove 7.2.0.0/24 subnet from OSPF on ASA3. It seems to work ok with the ASA2 and ASA3 OSPF routes removed and I believe that's because we would not know the IP address of the dynamic ends. However when I removed the 7.0.0.0/24 subnet from ASA1 because I want it to be static only, the tunnels regards less if required or not remain up. Now the Tunnel from ASA1 to ASA2 seems fine it remains up and traffic eventually stops, however ASA1 to ASA3 the tunnel remains up and continues to pass traffic and fails to take the default route through the 4.0.0.0/24 subnet and I can't understand why? Perhaps you would know? I don't care if the tunnels remain up however no traffic should pass until the default route 4.0.0.0/24 fails. As mentioned when I put the 7.0.0.0/24 back into ASA1 on OSPF everything returns to normal and all works as it should. I should also mention that ASA1 has a route of last resort 0.0.0.0 0.0.0.0 7.0.0.1 125. I'll attach current configs perhaps you can see something I can't? Thanks again.

Ken

rizwanr74 · ‎03-10-2015

I revised my very first post on this thread, please go through it again.

Thanks

Hub and Spoke environment with a ASA5512 as the hub and several ASA5505s as spokes